On Thu, Jul 15, 2004 at 11:20:46PM +0200, Peter Eisentraut wrote:
> Magnus Hagander wrote:
> > This one makes it mandatory to pick some kind of authentication. If
> > that's not wanted, it's easy to change it to default to trust (which
> > I think is wrong, but we've been through that already..)
> 
> I don't think I like any of this.  Sooner rather than later, people need 
> to look at pg_hba.conf and think about it.  I don't like switches that 
> induce them to skip that step.  And I certainly don't like forcing 
> extra switches on users that just try out an installation locally.

I agree with this sentiment.  On the spanish list is common to see
people trying to do things on an RPM-installed server, which is
configured to use IDENT by default, and asking why they cannot connect.
The answer is always to look at pg_hba.conf and the relevant
documentation.

If it were my choice, I'd disallow connections by default completely,
and spit a reject message along the lines of "you should have a look at
pg_hba.conf".

-- 
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Uno combate cuando es necesario... ¡no cuando está de humor!
El humor es para el ganado, o para hacer el amor, o para tocar el
baliset.  No para combatir."  (Gurney Halleck)


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Reply via email to